GitPedia

Grype

A vulnerability scanner for container images and filesystems

From anchore·Updated June 16, 2026·View on GitHub·

**A vulnerability scanner for container images and filesystems.** The project is written primarily in Go, distributed under the Apache License 2.0 license, first published in 2020. It has gained significant community traction with 12,425 stars and 812 forks on GitHub. Key topics include: container-image, containers, cyclonedx, docker, go.

Latest release: v0.114.0
June 5, 2026View Changelog →
<p align="center"> <img alt="Grype logo" src="https://user-images.githubusercontent.com/5199289/136855393-d0a9eef9-ccf1-4e2b-9d7c-7aad16a567e5.png" width="234"> </p>

Grype

A vulnerability scanner for container images and filesystems.

<p align="center"> &nbsp;<a href="https://github.com/anchore/grype/actions?query=workflow%3A%22Static+Analysis+%2B+Unit+%2B+Integration%22"><img src="https://github.com/anchore/grype/workflows/Static%20Analysis%20+%20Unit%20+%20Integration/badge.svg" alt="Static Analysis + Unit + Integration"></a>&nbsp; &nbsp;<a href="https://github.com/anchore/grype/actions/workflows/validations.yaml"><img src="https://github.com/anchore/grype/workflows/Validations/badge.svg" alt="Validations"></a>&nbsp; &nbsp;<a href="https://goreportcard.com/report/github.com/anchore/grype"><img src="https://goreportcard.com/badge/github.com/anchore/grype" alt="Go Report Card"></a>&nbsp; &nbsp;<a href="https://github.com/anchore/grype/releases/latest"><img src="https://img.shields.io/github/release/anchore/grype.svg" alt="GitHub release"></a>&nbsp; &nbsp;<a href="https://github.com/anchore/grype"><img src="https://img.shields.io/github/go-mod/go-version/anchore/grype.svg" alt="GitHub go.mod Go version"></a>&nbsp; &nbsp;<a href="https://github.com/anchore/grype/blob/main/LICENSE"><img src="https://img.shields.io/badge/License-Apache%202.0-blue.svg" alt="License: Apache-2.0"></a>&nbsp; &nbsp;<a href="https://anchore.com/discourse"><img src="https://img.shields.io/badge/Discourse-Join-blue?logo=discourse" alt="Join our Discourse"></a>&nbsp; &nbsp;<a rel="me" href="https://fosstodon.org/@grype"><img src="https://img.shields.io/badge/Mastodon-Follow-blue?logoColor=white&logo=mastodon" alt="Follow on Mastodon"></a>&nbsp; </p>

grype-demo

Features

  • Scan container images, filesystems, and SBOMs for known vulnerabilities (see the docs for a full list of supported scan targets)
  • Supports major OS package ecosystems (Alpine, Debian, Ubuntu, RHEL, Oracle Linux, Amazon Linux, and more)
  • Supports language-specific packages (Ruby, Java, JavaScript, Python, .NET, Go, PHP, Rust, and more)
  • Supports Docker, OCI, and Singularity image formats
  • Threat & risk prioritization with EPSS, KEV, and risk scoring (see interpreting the results docs)
  • OpenVEX support for filtering and augmenting scan results

[!TIP]
New to Grype? Check out the Getting Started guide for a walkthrough!

Installation

The quickest way to get up and going:

bash
curl -sSfL https://get.anchore.io/grype | sudo sh -s -- -b /usr/local/bin

[!TIP]
See Installation docs for more ways to get Grype, including Homebrew, Docker, Chocolatey, MacPorts, and more!

The basics

Scan a container image or directory for vulnerabilities:

bash
# container image
grype alpine:latest

# directory
grype ./my-project

Scan an SBOM for even faster vulnerability detection:

bash
# scan a Syft SBOM
grype sbom:./sbom.json

# pipe an SBOM into Grype
cat ./sbom.json | grype

[!TIP]
Check out the Getting Started guide to explore all of the capabilities and features.

Want to know all of the ins-and-outs of Grype? Check out the CLI docs and configuration docs.

Contributing

We encourage users to help make these tools better by submitting issues when you find a bug or want a new feature.
Check out our contributing overview and developer-specific documentation if you are interested in providing code contributions.

<p xmlns:cc="http://creativecommons.org/ns#" xmlns:dct="http://purl.org/dc/terms/"> Grype development is sponsored by <a href="https://anchore.com/">Anchore</a>, and is released under the <a href="https://github.com/anchore/grype?tab=Apache-2.0-1-ov-file">Apache-2.0 License</a>. The <a property="dct:title" rel="cc:attributionURL" href="https://anchore.com/wp-content/uploads/2024/11/grype-logo.svg">Grype logo</a> by <a rel="cc:attributionURL dct:creator" property="cc:attributionName" href="https://anchore.com/">Anchore</a> is licensed under <a href="https://creativecommons.org/licenses/by/4.0/" target="_blank" rel="license noopener noreferrer" style="display:inline-block;">CC BY 4.0<img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/cc.svg" alt=""><img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/by.svg" alt=""></a> </p>

For commercial support options with Syft or Grype, please contact Anchore.

Come talk to us!

The Grype Team holds regular community meetings online. All are welcome to join to bring topics for discussion.

Contributors

Showing top 12 contributors by commit count.

dependabot[bot]

dependabot[bot]

642 commits

wagoodman

wagoodman

491 commits

anchore-actions-token-generator[bot]

anchore-actions-token-generator[bot]

288 commits

spiffcs

spiffcs

106 commits

kzantow

kzantow

101 commits

willmurphyscode

willmurphyscode

100 commits

luhring

luhring

99 commits

westonsteimel

westonsteimel

82 commits

anchore-oss-update-bot

anchore-oss-update-bot

17 commits

cpendery

cpendery

16 commits

jonasagx

jonasagx

11 commits

Vijay-P

Vijay-P

6 commits

View all contributors on GitHub →

This article is auto-generated from anchore/grype via the GitHub API.Last fetched: 6/17/2026